Weaknesses in Software Written in C++
A view in the Common Weakness Enumeration published by The MITRE Corporation.
Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.
This view (slice) covers issues that are found in C++ programs that are not common to all languages.
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompa...
The software defines a public method that reads or modifies a private variable.
The accidental addition of a data-structure sentinel can cause serious programming logic problems.
The code uses an operator for assignment when the intention was to perform a comparison.
The software sets a pointer to a specific address other than NULL or 0.
The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds o...
The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds...
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buf...
The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.
The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.
The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.
The code uses an operator for comparison when the intention was to perform an assignment.
The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.
Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a ...
The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the j...
The software declares a critical variable, field, or member to be public when intended security policy requires it to be private.
The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.
Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.
Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.
The accidental deletion of a data-structure sentinel can cause serious programming logic problems.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.
The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer ...
The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.
The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the a...
The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index ref...
The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memor...
An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected ...
The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.
The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
The software does not correctly calculate the length of strings that can contain wide or multi-byte characters.
In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.
The software does not correctly convert an object, resource, or structure from one type to a different type.
Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the co...
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of mem...
The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used t...
The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
The product attempts to close or release a resource or handle more than once, without any successful open between the close operations.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...
The program uses an expression in which operator precedence causes incorrect logic to be used.
The software reads data past the end, or before the beginning, of the intended buffer.
The software writes data past the end, or before the beginning, of the intended buffer.
The program sends non-cloned mutable data as an argument to a method or function.
The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.
Assigning public data to a private array is equivalent to giving public access to the array.
An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.
If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution...
The software makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.
A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.
Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.
The software uses a signal handler that introduces a race condition.
The program defines a signal handler that calls a non-reentrant function.
The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not b...
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter ...
An exception is thrown from a function, but it is not caught.
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer der...
The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative,...
The software uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not...
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
The software uses or accesses a file descriptor after it has been closed.
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.
The application uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.
The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.
The program calls a function that can never be guaranteed to work safely.
The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.
The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory ch...
The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
The software uses the singleton pattern when creating a resource within a multithreaded environment.
The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine ...
The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.